Biometric authentication as a second factor

Following Apple’s introduction of a fingerprint sensor on iPhone 5s in 2013, smartphones increasingly come with a biometric sensor. Market research firms expect that 100% of the installed base will have some form of embedded biometrics by 2020 – this is not yet a commodity, but it will come fast. inWebo has therefore upgraded its solutions to support biometry as a second factor. This option is available on request to all customers, existing as well as prospects still evaluating inWebo (free trial).

Why “as a second factor”

Biometric authentication works by recognizing a trait of a person. From a security perspective though, the biometric authentication is not more secure than to ask that person to enter a PIN. There are various justifications for this (the actual robustness depends on the biometric authentication technology) but the most common is that, with current implementations, you can reset a fingerprint sensor on a smartphone by entering a 4- or 6-digit PIN.

In order to use biometrics for a secure authentication process, it is therefore necessary to combine the biometric factor with one or several authentication factors of a different kind, “what you own”, a user device, e.g. a smartphone or a computer.

inWebo support of fingerprint sensors and biometric sensors

Upon activation of the option, it offers 2 alternatives, “biometry enabled” or “biometry forced”. The former applies to services that require users to enter a PIN as a second factor. Users who opt for it replace that PIN with biometrics. The latter mandates biometry as the second factor, therefore adding the authentication service on a smartphone will succeed only if that smartphone has a fingerprint sensor.

Biometry as a second factor can implemented with:

inWebo Authenticator version 4.2.0 or higher. The App supports Apple TouchID, as well as fingerprint sensors on Android Marshmallow (6.0+) smartphones, therefore you have nothing to do (develop, integrate, test) to make that magic happen

inWebo mAccess version (0.)2.8 or higher. Developers can use mAccess library to support fingerprint biometry in their App but also virtually any kind of biometry (voice, face…), as long as it is implemented with a “match on card” mechanism (i.e. the biometric data is stored and verified locally on the smartphone). The mAccess library documentation on inWebo developer website provides a complete implementation for fingerprint sensors.

How to activate biometric authentication with your inWebo service

The biometric authentication as a second factor option can be requested by checking a box when you create an evaluation account (here), or when you upgrade a basic plan to a premium one (there). You can also ask our solutions experts about it.